Tag: corporate

Victoria’s Secret delays earnings release after security incident

Jun 3, 2025 3:54 PM

Tags: corporate, security-incident

Fashion retail giant Victoria’s Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/victorias-secret-delays-earnings-release-after-security-incident/
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

Jun 3, 2025 10:54 AM

Tags: corporate, crowdstrike, microsoft, threat

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.”By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate vice…
AI gives superpowers to BEC attackers

Jun 3, 2025 9:54 AM

Tags: ai, attack, authentication, automation, business, ceo, cloud, communications, corporate, credentials, crypto, data, deep-fake, defense, dmarc, email, exploit, finance, framework, fraud, gartner, google, group, identity, india, jobs, LLM, mail, malicious, malware, microsoft, mitigation, office, phishing, phone, scam, service, skills, social-engineering, spam, spear-phishing, strategy, technology, theft, threat, tool, training

The role of AI in business email compromise: Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible,…
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
North Korea’s Laptop Farm Scam: ‘Something We’d Never Seen Before’

May 29, 2025 11:55 PM

Tags: breach, corporate, korea, north-korea, scam

Officials uncover how North Korean operatives used stolen identities and remote-controlled tech to infiltrate American companies and steal corporate data. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-laptop-farm-remote-job-scam/
Interlock Ransomware Uses NodeSnake RAT for Persistent Access to Corporate Networks

May 29, 2025 7:55 PM

Tags: access, corporate, cyber, group, intelligence, malware, network, ransomware, rat, threat

In a two UK-based universities have fallen victim to a sophisticated Remote Access Trojan (RAT) dubbed NodeSnake within the past two months. According to analysis by Quorum Cyber’s Threat Intelligence (QCTI) team Report, this malware, likely deployed by the ransomware group Interlock, showcases advanced capabilities for persistent access and network infiltration. Emerging Threat Targets Higher…
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
CFOs, financial execs in crosshairs of ‘highly targeted’ spearphishing campaign

May 28, 2025 10:55 PM

Tags: corporate, finance, hacker, insurance

Hackers are preying on senior corporate leaders at banks, investment firms, utilities and insurance companies worldwide. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/spearphishing-remote-access-campaign-cfos-finance-executives-trellix/749192/
Interlock ransomware gang deploys new NodeSnake RAT on universities

May 28, 2025 8:55 PM

Tags: access, corporate, ransomware, rat

The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-gang-deploys-new-nodesnake-rat-on-universities/
If you use OneDrive to upload files to ChatGPT or Zoom, don’t

May 28, 2025 3:55 PM

Tags: access, api, chatgpt, compliance, corporate, cybersecurity, data, google, governance, least-privilege, microsoft, mitigation, risk, saas, security-incident, service, strategy, threat, tool

Web app vendors aren’t off the hook: This could be bad news for security teams, according to Eric Schwake, director of cybersecurity strategy at Salt Security. “Sensitive secrets required for this access are often stored in an insecure manner by default,” Schwake said. “This situation presents a key API security challenge for security teams, and…
‘Secure email’: A losing battle CISOs must give up

May 28, 2025 10:55 AM

Tags: access, attack, authentication, business, cisco, ciso, communications, compliance, corporate, credentials, cyber, cybercrime, data, dkim, dmarc, dns, email, encryption, finance, google, Internet, mail, mfa, microsoft, mobile, password, phishing, risk, service, threat, tool, windows

End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
Threat Actors Use Fake DocuSign Notifications to Steal Corporate Data

May 27, 2025 5:54 PM

Tags: corporate, credentials, cyber, data, phishing, threat

DocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95% of Fortune 500 companies, and boasts a user base exceeding one billion. However, this widespread adoption has made DocuSign a prime target for cybercriminals. Leveraging the platform’s trusted reputation, threat actors are increasingly deploying sophisticated phishing campaigns to harvest corporate credentials,…
AI Agents and the Non”‘Human Identity Crisis: How to Deploy AI”¯More Securely”¯at”¯Scale

May 27, 2025 2:54 PM

Tags: ai, corporate, identity, intelligence, service

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub”¯Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non”‘human identities (NHIs) across corporate clouds.That population is already overwhelming the enterprise: many companies First seen on thehackernews.com…
Experts Chart Path to Creating Safer Online Spaces for Women

May 22, 2025 2:54 PM

Tags: corporate, law, privacy, technology

Gaps in laws, technology, and corporate accountability continue to put women’s safety and privacy online at risk. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/experts-path-creating-safer-online-spaces
3AM ransomware uses spoofed IT calls, email bombing to breach networks

May 21, 2025 7:54 PM

Tags: access, attack, breach, corporate, credentials, email, network, ransomware

A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/3am-ransomware-uses-spoofed-it-calls-email-bombing-to-breach-networks/
Coinbase data breach impacted 69,461 individuals

May 21, 2025 4:54 PM

Tags: breach, corporate, crypto, data, data-breach

Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals. Coinbase disclosed that a data breach impacted 69,461 individuals after overseas support staff improperly accessed customer and corporate data. Coinbase recently revealed that rogue contractors stole data on under 1% of users and demanded $20M; the data breach was initially…
Coinbase says recent data breach impacts 69,461 customers

May 21, 2025 11:54 AM

Tags: breach, corporate, crypto, cybercrime, data, data-breach

Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

May 20, 2025 7:54 PM

Tags: cloud, corporate, dns, endpoint, exploit, malware, microsoft, scam, threat

A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records.The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes),…
4 ways to safeguard CISO communications from legal liabilities

May 20, 2025 10:54 AM

Tags: ciso, communications, corporate, cyber, data, defense, governance, government, incident, jobs, law, privacy, regulation, risk, vulnerability

Pay attention to the medium: CISOs also need to pay attention to what they say based on the medium in which they are communicating. Pay attention to “how we communicate, who we’re communicating with, what platforms we’re communicating on, and whether it’s oral or written,” Angela Mauceri, corporate director and assistant general counsel for cyber…
CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide

May 19, 2025 3:54 PM

Tags: banking, corporate, google, infrastructure, phishing

A phishing operation that targets corporate banking accounts across the globe has been analyzed in a new report by CTM360. The campaign uses fake Google ads, advanced … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/19/ctm360-cyberheist-phish-report/
Google strengthens secure enterprise access from BYOD Android devices

May 14, 2025 6:38 PM

Tags: access, android, corporate, google

Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/14/device-trust-from-android-enterprise-secure-access/
4 critical leadership priorities for CISOs in the AI era

May 14, 2025 1:38 AM

Tags: access, ai, application-security, awareness, best-practice, business, ciso, cloud, corporate, cybersecurity, data, endpoint, guide, jobs, law, risk, sans, strategy, threat, tool, training, usa

1. Guide the C-suite As businesses rush to implement AI effectively, CISOs can play an important role in guiding the C-suite on a variety of matters, starting with vetting AI use cases, Alexander says. “These are conversations with technologists, security, and the business. You can’t just jump into the AI game without really understanding what…
Microsoft Listens to Security Concerns and Delays New OneDrive Sync

May 10, 2025 5:10 AM

Tags: corporate, cybersecurity, data, malware, microsoft, privacy, risk, service, software, vulnerability

Misuse of the newly announced Microsoft OneDrive synchronization feature puts corporate security and personal privacy at serious risk in ways not likely understood by the users. Microsoft wants people to connect their personal OneDrive file share with their work systems, synchronizing potentially private files onto their enterprise managed PCs. The problem is having these files…
Microsoft OneDrive move may facilitate accidental sensitive file exfiltration

May 9, 2025 7:10 AM

Tags: access, ai, automation, business, ceo, ciso, cloud, compliance, control, corporate, data, email, gartner, linkedin, microsoft, privacy, risk, risk-assessment, saas, startup, threat, tool, vulnerability, windows

want to make syncing easier, as it can create lots of security and IT headaches.The rollout was originally scheduled for this weekend (May 11), but sometime late on Thursday, the Microsoft page about the feature was changed to say that it was being pushed out in June. Microsoft did not immediately explain the delay, but discussions…
Education giant Pearson hit by cyberattack exposing customer data

May 8, 2025 11:10 PM

Tags: corporate, cyberattack, data, threat

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
Rethinking Executive Security in the Age of Human Risk

May 8, 2025 5:10 PM

Tags: compliance, corporate, finance, fraud, risk

Nisos Rethinking Executive Security in the Age of Human Risk Employment fraud is no longer just an HR issue – it’s an enterprise-wide risk that threatens financial stability, regulatory compliance, and corporate reputation… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/rethinking-executive-security-in-the-age-of-human-risk/
AWS Study: Generative AI Tops Corporate Budget Priorities, Surpassing Cybersecurity

May 7, 2025 10:11 PM

Tags: ai, corporate, cybersecurity

A new AWS study finds generative AI has become the top budget priority for 2025, surpassing cybersecurity, as businesses accelerate adoption and face talent gaps. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ai-surpasses-cybersecurity-aws-study/
Personal data of top executives easily found online

May 7, 2025 6:50 AM

Tags: corporate, data

The personal information of 75% of corporate directors can be found on people search sites, according to Incogni. People search sites claim to reveal a variety of personal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/07/corporate-directors-personal-information-online/
App Used by Trump Adviser Suspends Services After Hack Taking ’15-20 Minutes’

May 6, 2025 4:50 PM

Tags: corporate, government, hacker, service

TeleMessage, a messaging app used by Trump adviser Mike Waltz, has suspended services after a hacker accessed sensitive government and corporate data. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-telemessage-hack/
Critical Microsoft 0-Click Telnet Vulnerability Enables Credential Theft Without User Action

May 6, 2025 8:50 AM

Tags: attack, corporate, credentials, cyber, exploit, flaw, microsoft, network, theft, vulnerability, windows

A critical vulnerability has been uncovered in Microsoft’s Telnet Client (telnet.exe), enabling attackers to steal Windows credentials from unsuspecting users, even without interaction in certain network scenarios. Security researchers warn that this >>zero-click